
Sr Security Operation Engineer

Canada
Senior Level
CONTRACTOR

About the role

What You’ll Do

- Lead and coordinate threat detection & incident response efforts, including maintaining and refining security playbooks and response processes.
- Develop and maintain detection engineering content across SIEM, XDR, and cloud-native logging systems (AWS CloudTrail, K8s, Wiz, PAM, etc.).
- Triage and manage alerts from cloud security posture management and monitoring platforms, ensuring efficient workflows and accurate escalations.
- Oversee and enhance logging pipelines, SIEM rules, and threat detection coverage to improve fidelity and reduce noise.
- Implement and optimize log management, cloud monitoring, and security automation to improve the efficiency of response.
- Build and maintain automation and orchestration workflows to streamline alert triage and incident response.
- Partner with engineering teams to integrate security visibility into infrastructure, applications, and CI/CD pipelines.
- Participate in the security on-call rotation to respond to and mitigate incidents.
- Collaborate with a purple team mindset, working closely with defenders and offensive security partners to continually improve detection coverage across the organization.
- Continuously evaluate and improve threat detection coverage, alert fidelity, and response automation.

What We’re Looking For

- 5+ years of hands-on security engineering experience (incident response, detection engineering, or SOC engineering).
- Strong experience in AWS environments, including CloudTrail, IAM, and native logging.
- Proficiency with SIEM, EDR/XDR, and cloud security monitoring tools.
- Hands-on scripting and automation skills (Python, SOAR platforms a plus), with an ability to streamline workflows and reduce manual effort.
- Experience building and tuning detections and triaging alerts from cloud security posture management tools.
- Experience working with Cloud Security Posture Management platforms, including triaging alerts, tuning policies, and integrating findings into workflows.
- Understanding of common security threats, vulnerabilities, and mitigations, and the ability to operationalize defenses.
- Familiarity with modern application stacks, CI/CD pipelines, and DevSecOps practices.
- Strong ability to collaborate with engineering teams to incorporate security visibility in ways that enhance, rather than hinder, development.
- A problem-solver mindset, balancing automation, detection, and pragmatic defenses to reduce risk.
- Relevant security certifications are a plus, but we value hands-on experience and problem-solving skills over formal credentials.

Nice to Have Skills

- Exposure to threat hunting or purple team collaboration.
- Knowledge of application security pipelines (GitHub, Terraform, CI/CD security).

About Mastech Digital

IT Services and IT Consulting